FBI Issues Android Virus Warning 129
Dupple writes "The IC3 has been made aware of various malware attacking Android operating systems for mobile devices. Some of the latest known versions of this type of malware are Loozfon and FinFisher. Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims. One version is a work-at-home opportunity that promises a profitable payday just for sending out email. A link within these advertisements leads to a website that is designed to push Loozfon on the user's device. The malicious application steals contact details from the user's address book and the infected device's phone number."
Fragmentation (Score:5, Funny)
Clearly, Android isn't fragmented enough yet. The industry needs to work to further fragment the platform until this type of attack isn't viable.
Re: (Score:3)
I was just surprised to read that Android was a Virus...
Should rename these Darwin Viruses (Score:4, Insightful)
Places and things people should not be clicking on in the first place.
Re:Should rename these Darwin Viruses (Score:5, Insightful)
You still have to deal with typo squatters. If you type goole.com instead of google.com or some such you may end up at a phony website designed to phish you.
Fortunately, it seems that the big players have grabbed most of the common typos like gogle.com, bankoamerica.com and so forth. But out of millions of sites, there's bound to be plenty of opportunities for a determined script kiddie.
Re: (Score:1)
Why does it strike me as ironic that your post is about typos, and your sig line is a kvetch about a common typo? Its like you meant it!
Re:Should rename these Darwin Viruses (Score:5, Funny)
It's worse than that; the civic leaders of a market town in South Yorkshire have squatted goole.com.
Oh, yeah, and they can't spell for shit.
Re: (Score:3)
LOL, they have a search field on their site which uses Ask.com :).
Re: (Score:1)
*sigh* Another worthless virus alert (Score:5, Interesting)
No information about attack vectors (such as compromised apps), how to tell if you're infected, what to do if you think you're infected, etc. Par for the course.
Re:*sigh* Another worthless virus alert (Score:5, Informative)
Did you even read the article? They talked a lot about attack vectors... They also went on to tell people how they can protect themselves.
I'd assume downloading an antivirus for your phone or reformatting it would be the best option.
They didn't talk about attack vectors AT ALL, except in the vaguest of terms. They talked about generalities that apply to any platform, not to this specific virus. It's the equivalent of saying "don't set your drink down in a crowded bar." Yes, it's good advice, but at the same time almost completely worthless to put into a press release.
Re: (Score:2)
How many virii are there for the iPhone?
Re:*sigh* Another worthless virus alert (Score:5, Informative)
None, same way there are none for Android. including the malware included in the OP. If it doesn't propagate of it's own accord then it isn't a virus it's just a malicious app AKA malware.
The OP mentions that "website that is designed to push Loozfon on the user's device" this is currently impossible unless there is an explain that is currently un-discussed and if there was such a thing it would be _very_ important, if (as I suspect) this is just another download-this/manually-install-the-app/accept-all-the-permissions/become-screwed idiot-trap then it is hardly news. And BTW there are plenty of these types of app for a jailbroken iPhone
Re: (Score:2)
That's called a Trojan Horse isn't it?
Re: (Score:1)
Re: (Score:1)
Re:*sigh* Another worthless virus alert (Score:5, Informative)
Only took... (Score:5, Interesting)
10 years of smartphone generations for the government to realize there's the potential for viruses, spyware, and malware on these things as they are in all sense of the word a computer. I'm willing to bet google is now going to regulate the android market a little better, it still depends heavily on the user as to the risk posed to the device, just like with PCs.
I've also got to respectfully disagree with the article on rooting your device, it opens up the potential to load some pretty nifty security tools that help keep you safe in the first place.
Re: (Score:2)
10 years of smartphone generations for the government to realize there's the potential for viruses, spyware, and malware on these things as they are in all sense of the word a computer. I'm willing to bet google is now going to regulate the android market a little better, it still depends heavily on the user as to the risk posed to the device, just like with PCs.
I've also got to respectfully disagree with the article on rooting your device, it opens up the potential to load some pretty nifty security tools that help keep you safe in the first place.
It has nothing to do with the Android Market (that's not where these apps are hosted) it has to do with the fact that on Android phones, you only have to navigate down a few screens to find the check-box that turns off enforcement of market-only content. For users that decide to do that, all bets are off on security as they can say OK to sharing just about any information or permission (except that which wants to alter system level apps). What Google apparently needs to do is add a few more "Are you sure?
Which Android? (Score:3)
Which version(s) of Android are vulnerable and which browsers? How does the attack work? Do I need to download and run a file? Just click on the file? Just visit the web page?
Is this even a real threat? It sounds like a vague alert that anti-virus companies send out to get you to buy their product.
Re: (Score:2)
FinFisher can be easily transmitted to a Smartphone when the user visits a specific web link or opens a text message masquerading as a system update.
Based on that, it'd be simple websites telling people to download some installer/apk.
Re: (Score:2)
A link within these advertisements leads to a website that is designed to push Loozfon on the user's device.
FinFisher can be easily transmitted to a Smartphone when the user visits a specific web link or opens a text message masquerading as a system update.
Based on that, it'd be simple websites telling people to download some installer/apk.
I don't think they gave enough details to know for sure that is what's going on - most users won't have configured their phone to install apk's that didn't come from the Android phone, does this attack work against them?
If they are going to go through the trouble to issue an advisory, they should explain how the attack works so we can educate our users.
Re: (Score:2)
most users won't have configured their phone to install apk's that didn't come from the Android phone
a) What?
b) B..b..but what about their Freedoms?
Few people I know with an Android phone care about the freedom of their phone - they liked the features, formfactor, and price point of the phone.
Few users outside of Slashdot's target audience even know that sideloading is an option - they are happy to stick with the Android store.
Re: (Score:2)
Re: (Score:2)
they are happy to stick with the Android store
Well, if they're happy with second-best, probably third-best before too long with the money Microsoft will throw at developers (developers, developers) then, well, good luck with that.
Yes, I know, Microsoft's dominance is right around the corner, just as soon as they get serious about it. Like how they killed the iPod with Zune.
Re:Which Android? (Score:5, Informative)
Even if they don't, let's be honest, the people spending money on Android "superphones" are exactly the people who're rooting, installing ROMS and sideloading. The rest, the much vaunted millions activations per are the people having slow Gingerbread shitboxes rammed down their neck by the retailers and networks that might have a passing interest in something that's "just like an iPhone" but that interest dies as soon as they try to use it and it's slow, jerky and has shit battery life. This is precisely why the web impression figures are so dramatically different between iOS and Android.
The Galaxy S III sold around 20 million units worldwide, I'm having a hard time believing that all of those users are rooting their devices. I have a Galaxy Nexus that isn't rooted (nor have I sideloaded any apps).
Android phones are definitely good for someone that wants to tinker and root and sideload, but they are also solid smartphones out of the box.
I support around 250 devices - split relatively evenly between Blackberry, Android and iPhone. These users are mostly non-technical, and all seem fairly satisfied with their phones, including the Blackberry users (battery life and tight Exchange Integration are the big reasons the BB users are happy with their phones).
Starting with Gingerbread the Android platform stopped causing support headaches (mostly in Exchange syncing), ICS and Jellybean seem to put Android on par with IOS for the most part.
Re: (Score:2)
I also have a hard time believing that everyone's rooting their phone. Hell, I'm a tech-y guy, and I didn't even bother rooting my phone until last week (I have the original Galaxy S, two years old now.)
I have having problems with the carrier's ROM crashing, and I found out there's only two extra steps to flash ICS to the phone rather than their stock ROM.
If I wouldn't have had an issue with Google Play crashing on the phone I wouldn't have bothered rooting it at all.
Re: (Score:2)
I love how your posts are pretty much instantly modded to 2. Every one of them. I mean, you might try making it less obvious.
Do you look for conspiracies everywhere you go? You should read up on Slashdot's Karma Bonus to see why my posts start out at 2.
Slashdot has become infested with Google schills but I find it funny more than anything else since it hasn't actually moved the needle on anything but 1st level help desk computer janitors.
As for "Starting with Gingerbread the Android platform stopped causing support headaches", you can't be serious. Android is still an unmanageable clusterfuck in a corporate, even at JB. I hope you're being paid well enough to post that.
I don't know where JB is, but Android really hasn't been any harder to manage than IOS at our organization. Blackberry is a little harder since we have to run a BES, but in looking at our past helpdesk tickets, our Android and iPhone ticket counts are about the same. Amusingly, sometimes people submit Android tickets as iPhone tickets, apparently they can't tell the difference. (bu
Re: (Score:2)
Given it's the FBI, I'm guessing a LOT of people probably have the Amazon store installed as welll, which means the checkbox is checked. Or, don't underesti
Re: (Score:1)
Android Defence Force to the rescue. Form of Obfuscation and FUD!
Re: (Score:2)
You can't fix stupid. (Score:5, Insightful)
Android is secure enough as it is. My HTC will check with me and double check before it installs any apk. As long as there are people who can be suckered into installing unknown software, we will always have viruses.
Re: (Score:2)
There is a difference between "unknown software" and "sideloading". Unless you're too incompetent to do a quick background check before downloading and installing an app, there's no inherent risk to sideloading.
I know I've sideloaded a few apps, most of the time to save money while giving more to the app developer. Sometimes the app wasn't available on the market (say, for emulators).
Re: (Score:2)
Ah yes, the Android user refrain. If your ecosystem is fucked and distributing malware and you expect your appliance (which is what people expect a phone, even a smartphone, to be) screws you, well you must be a dumbass. Not helpful and frankly a weak excuse.
Those that expect their phone to act like an appliance shouldn't sideload apps, if I try to turn on sideloading on my phone, it pops up a warning saying that I'm putting myself at risk. If the user accepts that risk, how is it Androids fault by giving them the option?
If someone buys a toaster then tries to rewire it and turn it into a space heater, they are a dumbass if it burns their house down - if you buy something to use as an appliance, then use it as that appliance. Don't open it up and start poking a
Re: (Score:2)
but your Android phone's not gonna burn the house down. Unless you've got a Sony battery in it and you're using it while charging.
Re: (Score:3)
but your Android phone's not gonna burn the house down. Unless you've got a Sony battery in it and you're using it while charging.
And your toaster isn't going to send your contacts and email to hacker groups. Each appliance has its own risks.
Re:You can't fix stupid. (Score:4, Insightful)
My HTC will check with me and double check before it installs any apk. As long as there are people who can be suckered into installing unknown software
So, basically, you acknowledge you can't sideload safely? How's that walled garden suiting you?
Just like with all software, you need to trust your source. If I don't like Google Market's policies, prices, or selection, I can move to Amazon's App store (or one of the other alternative app stores). Or I can download direct from the software maker.
What alternative does an IOS have if he wants to install an app that's been rejected from Apple's store because of the content or features?
Re: (Score:2)
True. However, with Android, all it takes is a friend to show you how to get "cool appz for free!!!" by installing this that and the other thing and big list of apps for you. Stuff like APKTor (is that still around?).
True me, "paid apps for free" trumps "security". Think dancing pigs [wikipedia.org].
Of course, we had viruses before - I know one developer on PalmOS actually had a virus labelled after one of his products - a bug in his (legitimate) app actually destr
Re: (Score:1)
You're right, he'd have to do without. For me that's not nearly enough to make the difference. I like the iPhone. I have several Apple devices and I like how they all work together. It's certainly not perfection. It's not even close. But I like it, especially for my family.
I've been writing software since the Atari 400 was new. I could handle the Android issues. I'd just rather not.
Re: (Score:2)
I'm not an apple fan, but that is a reasonable option if you are in the iphone ecosystem.
Re: (Score:2)
Yeah, let's all pay Apple a $100 fee to unlock our own devices. There's a few well established names for that sort of thing, and "reasonable" is not one of them.
Great more fuel for the fire... (Score:1)
...as a million iPhone users snicker as the FBI classifies Android as a virus.
Seriously (Score:5, Insightful)
Re:Seriously (Score:5, Insightful)
Wow, dangerous (Score:5, Insightful)
Re: (Score:3)
You underestimate the power of human stupidity.
See: Bonzai Buddy, every IE search toolbar every created, et al.
Re: (Score:3)
Look, the random email said I had to do that crap to see the dancing baby, so I did it. You have a problem with that?
Translation for the masses (Score:2, Insightful)
I will install a normal application, like I have done many time before.
Loading application that are outside of the walled garden is one of the main reasons for using Android. A bunch of my technical friends advocated this as the main reason for buying this phone in the first place.
Re: (Score:1)
And spam still exists because there exist a small minority of people who are simultaneously capable of using computers but not capable enough to learn what spam is and how to avoid it. So what? Because of the small minority of such people, Android is broken? The exact same people could have had their "technical friends" show them how to jailbreak iOS, etc....
Stupid user warning. (Score:2)
>One version is a work-at-home opportunity that promises a profitable payday just for sending out email.
How about a name and shame app showing idiots who fall for this?
Government & Stealth Malware (Score:1)
Nobody Seems To Notice and Nobody Seems To Care - Government & Stealth Malware
In Response To Slashdot Article: Former Pentagon Analyst: China Has Backdoors To 80% of Telecoms 87
How many rootkits does the US[2] use officially or unofficially?
How much of the free but proprietary software in the US spies on you?
Which software would that be?
Visit any of the top freeware sites in the US, count the number of thousands or millions of downloads of free but proprietary software, much of it works, again on a prop
not just Android (Score:3)
FinFisher spyware made by U.K.-based Gamma Group can take control of a range of mobile devices, including Apple Inc. (AAPL)’s iPhone and Research in Motion Ltd. (RIM)’s BlackBerry, an analysis of presumed samples of the software shows...“When FinSpy Mobile is installed on a mobile phone it can be remotely controlled and monitored no matter where in the world the Target is located,” a FinSpy brochure published by WikiLeaks says. Systems that can be targeted include Microsoft Corp. (MSFT)’s Windows Mobile, the Apple iPhone’s iOS and BlackBerry and Google Inc. (GOOG)’s Android, according to the company’s literature. Today’s report says the malware can also infect phones running Symbian, an operating system made by Nokia Oyj (NOK1V), and that it appears the program targeting iOS will run on iPad tablets.
source [paritynews.com]
FBI doesn't issue Android virus warning (Score:2)
FBI? (Score:2)
subject (Score:2)
So all I have to do to keep from getting it is to avoid tapping on ads or obviously fake "system update" texts? Wow, that sounds nigh impossible.
Oh, for the love of... (Score:2)
Come on.
Anyone who does that much work/effort to get malware on their device (as opposed to browser bugs, random click-throughs, etc) deserves to get pwn3d.
Android Virüs Program (Score:1)
Re: (Score:2, Informative)
http://www.slashgear.com/apple-quietly-turns-on-ios-6-iphone-advert-tracking-12251611/ [slashgear.com]
Re: (Score:2)
Re: (Score:3, Interesting)
Re: (Score:1)
Re: (Score:1)
To further invalidate the argument Google's targeting in Android can also be disabled. There's no advantage or disadvantage between iOS and Android as far as ad targeting is concerned.
Also, your sig, I have that beautiful little piece of Bash printed out and posted in my cubicle. It provides some great entertainment when some poor soul actually decides to run it. It's also fantastic for weeding out poorly informed techs.
Education (Score:2)
Re: (Score:1)
Function of a device; consumer (Score:2)
I was thinking [an operating system's job] was to facilitate the function of the device
For one thing, different people have different ideas of what "the function of the device" is. One "function of [a] device" is to allow the user to create additional "function[s] of the device". This is a function that Apple has tended to explicitly reject on an iPad or iPhone. (On the one hand, Codea, but on the other hand, C64 games that got pulled from the store because the user could reboot the virtual C64 to BASIC [slashdot.org].)
for the consumer
Are you trying to imply something special by the word "consumer" as opposed to "user" [gnu.org]?
Re: (Score:2)
Right, you post to a page telling you to avoid the word consumer. That shows the bias of the GNU people. The problem is that the GNU group seems to be confused between the word "user" and developer. While a developer can also be a user, most "consumers" are exclusively users. Because of this, you should not expect a typical end user to care about the code availability, care about what license the code is available under or anything else that you seem to think of as important. To an average end user, what ma
Re: (Score:2)
Re:Education (Score:4, Insightful)
Smart platform vendors donate development platforms to colleges and universities around the world
But not to high schools. Or is there a good reason that kids shouldn't be programming before college? Or between graduating from college and getting a job in the field?
Re: (Score:2)
Smart platform vendors donate development platforms to colleges and universities around the world so that students have a chance to learn. I don't know if Apple does this nor not, but I saw a LOT of apple products in the computer labs when I went to school (20 or so years ago...)
If Apple gave away "development" machines to every learning institution, they would kiss about 75% of their desktop sales goodbye...
Re: (Score:2)
If Apple gave away "development" machines to every learning institution, they would kiss about 75% of their desktop sales goodbye...
What I'm saying is that "smart" vendors do this kind of thing. Obviously you don't give away enough to kill the bottom line, just enough to prime the pump...
Re: (Score:2)
If Apple gave away "development" machines to every learning institution, they would kiss about 75% of their desktop sales goodbye...
What I'm saying is that "smart" vendors do this kind of thing. Obviously you don't give away enough to kill the bottom line, just enough to prime the pump...
Apple's version of that is giving a $100 discount on a $1500 desktop/laptop computer...
Re: (Score:1, Flamebait)
Yeah, removing user/customer freedoms to increase safety is totally the way to go.
Didn't some famous guy say something about that?
Re: (Score:1)
And considering how much the government is fucking you? I think Apple is still a damn sight better. If you're that up in arms about Apple you must go absolutely apeshit over the one party system.
Re: (Score:1)
That's awesome bro
Re: (Score:1)
Re: (Score:1)
Apps leaking private info? Gee, good thing that would never happen in a curated Apple's appstore [forbes.com]. Wait, what? Don't tell me they only cared about apps not crashing and being in line with Apple's policies on design and content.
Re: (Score:2)
If you care about security, get a BlackBerry.
There is no other option,
Re: (Score:3)
Re: (Score:2)
Well, if you were even a little bit informed you'd know that that only affects some BIS users. It's *impossible* for RIM to "hand over the keys" for BES users because they don't have them.
That also ignores the fact that governments don't need special cooperation to spy on communications from Android and iOS users -- those don't even offer you the illusion of security.
So, yes, BlackBerry is the ONLY option if security is a concern. If they're your last option, I hope you're not responsible for making securi
Re: (Score:2)
That's a fallacious argument. The "famous guy's" saying isn't comparable to protecting the average consumer's expectation of having a consumer device that won't leak all of his private info by clicking an "update" or link that is actually a phishing lure.
I don't even own or like Android or iOS devices, but I have kids and a wife who do and it's irritating to know that they are vulnerable and it's why I am moving them to iOS ASAP.
I will gladly offer you the service of taking all those buggy, insecure android devices off your hands and dispose of them properly, for a nominal $50 e-recycling fee. I know it sounds like a steal, but I just like knowing mobile users are secure in the big scary world out there. So go ahead and send me those phones, and don't forget to include the check for $50. I am sure you will forget all about them once your new iOS devices arrive. Oh, and you're welcome!
Exactly! That's why Linux is virus-infested and.. (Score:5, Funny)
Re: (Score:3)
And, when it stops working, you either have a VERY expensive repair to deal with, or a very frustrating time trying to google for helpful info.
Re: (Score:2)
Re: (Score:2)
Get a good HOSTS file. Then you're golden.
Re: (Score:2)